this post was submitted on 19 Aug 2023
80 points (97.6% liked)


Summary

  • LinkedIn users are being targeted by a campaign that steals their accounts and then demands a ransom to avoid having the accounts deleted.
  • The attackers may be using a variety of methods to gain access to accounts, including brute force attacks and credential stuffing.
  • Victims are usually made aware of the attack when they receive a notification that the email address associated with their account has been changed.
  • In some cases, the attackers have also added fake accounts to the victim's connections.
  • LinkedIn support has not been helpful in recovering the breached accounts, with users reporting long wait times and unhelpful responses.
  • The best way to protect yourself from this attack is to set up two-step verification (2FA).

More Details

  • 2FA adds an extra layer of security to your account by requiring you to enter a code from your phone in addition to your password when you sign in.

At least 2 Ways to set up 2FA on LinkedIn

  1. Authenticator app 2FA: This method uses an app on your phone to generate a code. Authenticator app 2FA is considered to be more secure than SMS 2FA.
  2. SMS 2FA: This method sends a code to your phone via SMS.
all 14 comments
[–] tfw_no_toiletpaper@feddit.de 27 points 1 year ago

Nothing of value was lost

[–] housepanther@lemmy.goblackcat.com 9 points 1 year ago (1 children)

If I had a LinkedIn account, they could have at it. LinkedIn is capitalist pr0n.

[–] Cannibal_MoshpitV3@lemmy.world 3 points 1 year ago (1 children)

Nothing but corporate dicksucking

That's truly all it is! There is nothing of value that can be learned on LinkedIn. It's bootlickers dry humping the wealthy.

[–] TenderfootGungi@lemmy.world 6 points 1 year ago

My LinkedIn account has zero value. Delete away my non-friends.

[–] WarmSoda@lemm.ee 6 points 1 year ago* (last edited 1 year ago) (1 children)

Ugh a friend of mine just sent me two links to LinkedIn to people that are yelling about secret energy weapons no one knows about the government is using to create wildfires in Hawaii... I just replied with no thanks.

I'm still processing it. And then this post pops up. I'm not even going to let her know about it.

[–] Zima@kbin.social 2 points 1 year ago (1 children)

I was trying to predict the conspiracy theories and I had come up with that one. I still have not seen anyone claiming it was a Russian hack of the electric grid but I'm sure it will come up soon.

[–] Windswept@lemmy.world 4 points 1 year ago (1 children)

This would make a good community, post news stories and have other people try to predict conspiracy theories about them!

[–] WarmSoda@lemm.ee 1 points 1 year ago* (last edited 1 year ago) (1 children)

Like a bingo board comm.

TinfoilBingo.
NewsBingo.
Newspiracy.
Idk just throwing names out there. Could even have scores for people that guess correctly for each story/event. That could be fun.

[–] GigglyBobble@kbin.social 2 points 1 year ago

TinfoilBingo

I like that one.

[–] lickmysword@sh.itjust.works 4 points 1 year ago (1 children)

Correct me if I'm wrong but weren't the people exposed by clicking or opening something malicious? And those with a truly strong password are fine?

[–] Raisin8659@monyet.cc 4 points 1 year ago

They didn't mention phishing and malware, although they didn't exclude them either.

They mentioned:

  • credential stuffing = email/password reused. potential solutions = use unique passwords, use unique email (use aliases).
  • brute-forcing password. potential solutions = use strong random (and unique) passwords, use 2FA.
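
Added example (not part of the thread or of any LinkedIn tooling): a defender-side sketch of how the two methods named above look different in failed-login logs, with credential stuffing touching many accounts a few times each and brute forcing hammering one account. The log records, thresholds and function name are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample of failed-login events as (source_ip, username); not real data.
FAILED_LOGINS = (
    # One source, twelve different accounts, a single attempt each.
    [("203.0.113.7", f"user{i}@example.com") for i in range(12)]
    # One source, one account, fifteen attempts.
    + [("198.51.100.9", "alice@example.com")] * 15
    # One source, one account, two attempts (an ordinary mistyped password).
    + [("192.0.2.4", "bob@example.com")] * 2
)


def classify_sources(events, min_accounts=10, min_attempts=10, max_tries_per_account=3):
    """Label each source IP by the shape of its failed logins.

    The thresholds are illustrative assumptions and would be tuned per
    time window against real traffic.
    """
    per_ip = defaultdict(lambda: defaultdict(int))
    for ip, user in events:
        per_ip[ip][user] += 1

    verdicts = {}
    for ip, users in per_ip.items():
        distinct_accounts = len(users)
        heaviest = max(users.values())  # most attempts against any single account
        if distinct_accounts >= min_accounts and heaviest <= max_tries_per_account:
            # Many accounts, few tries each: reused email/password pairs being replayed.
            verdicts[ip] = "credential_stuffing"
        elif heaviest >= min_attempts:
            # Many tries against the same account: password guessing.
            verdicts[ip] = "brute_force"
        else:
            verdicts[ip] = "normal"
    return verdicts


if __name__ == "__main__":
    for ip, verdict in sorted(classify_sources(FAILED_LOGINS).items()):
        print(ip, verdict)
```

Per-IP grouping is only one signal, since attempts spread across many addresses will not trip it; per-account controls such as the 2FA recommended in the post cover that gap.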
[–] thorbot@lemmy.world 3 points 1 year ago

Oh no what will they do without their idiotic posts on a bullshit social media site with a thin business veneer slapped on top